registry  /  @xuda.io/deploy_module  /  1.1.1021

@xuda.io/deploy_module@1.1.1021

Xuda Deploy Server Module

AI Security Review

scanned 1d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed npm install-time malware was found. The package does have a guarded first-party Full Stack VPS path that provisions Codex and a scoped Xuda agent key on a user-created server.

Static reason
One or more suspicious static signals were detected.
Trigger
Runtime call to deploy_full_stack_vps/deploy_vps or related hosting-management exports
Impact
Can create, configure, re-key, reinstall, or delete managed hosting resources when invoked by the Xuda platform; no unconsented npm lifecycle mutation observed.
Mechanism
First-party deployment orchestration with cloud-init, SSH/scp, provider APIs, and scoped agent setup
Rationale
Static inspection shows a deployment module with powerful but package-aligned cloud/SSH behavior and first-party agent setup, without npm lifecycle execution, unrelated exfiltration, or stealth persistence. This fits a warning-level agent extension lifecycle risk rather than malicious package behavior.
Evidence
package.jsonindex.mjsindex_ms.mjsindex_msa.mjscost.mjs/root/xuda.config.js/etc/profile.d/xuda.sh/var/xuda/tmp/temp_${app_id}
Network endpoints4
deb.nodesource.com/setup_20.x${host}/cpi/digitalocean_webhook?id=${app_id}${_conf.domain}/mcpapi.cloudflare.com/client/v4/ips

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • index.mjs builds Full Stack VPS cloud-init that installs xuda-cli and @openai/codex.
  • index.mjs writes scoped XUDA_API_KEY/XUDA_AGENT_KEY into /root/xuda.config.js and /etc/profile.d/xuda.sh for that VPS.
  • index.mjs uses SSH/scp and provider APIs to provision, modify, and delete remote hosting resources.
  • package.json declares a suspicious child_process dependency name, but source does not import it.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks and no bin entry.
  • Main behavior is exported deployment/server-management functions, not install-time execution.
  • Network/API use is aligned with deployment hosting: DigitalOcean, Proxmox/PBS, Cloudflare IPs, Xuda CPI/MCP.
  • Dynamic imports resolve Xuda modules under process.env.XUDA_HOME and are part of the platform integration.
  • No credential harvesting or exfiltration to unrelated endpoints found in inspected source.
Behavioral surface
Source
DynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 513 KB of source, external domains: api.cloudflare.com, deb.nodesource.com, xuda.ai, xuda.io

Source & flagged code

2 flagged · loading source
index_ms.mjsView file
8L9: const { MessageBroker } = await import(path.join(process.env.XUDA_HOME, 'common', 'ms_broker.mjs')); L10:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

index_ms.mjsView on unpkg · L8
package.jsonView file
Runtime dependency names matching Node built-ins: child_process
High
Node Builtin Dependency Squat

Package declares a runtime dependency whose name matches a Node built-in module.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighNode Builtin Dependency Squatpackage.json
MediumDynamic Requireindex_ms.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings